Implement attach for both windows and linux #3328
Conversation
For linux, we use ptrace() to inject dynamorio to running process. For windows, we get target process handle using DebugActiveProcess() and inject with original dr_inject_process_inject().
|
I think it's only working on x86/x64 since inject_ptrace is not available for arm |
|
Thank you for the patch. Just letting you know that I will look at it soon: been on vacation. |
| @@ -278,9 +278,9 @@ endif (WIN32) | |||
|
|
|||
| if (WIN32) | |||
| if (DEBUG) | |||
| set(WIN32_C_LIB libcmtd) | |||
| set(WIN32_C_LIB libcmtd Psapi) | |||
There was a problem hiding this comment.
This psapi dependence should not be added here since this is linked into the core DR library. We do not want the core DR library to have extra dependences: it will fail to function with early injection and will hit transparency issues in general. Please see the transparency slides in the DR tutorial and http://dynamorio.org/docs/transparency.html#sec_trans_resource. Please only link this with non-core targets like drinjectlib.
| return ERROR_INVALID_PARAMETER; | ||
| } | ||
|
|
||
| strcpy(info->image_name, pExeName + 1); |
There was a problem hiding this comment.
strcpy is not allowed: use strncpy and NULL_TERMINATE_BUFFER
| } | ||
| char szExePath[MAX_PATH]; | ||
| char *pExeName = NULL; | ||
| GetModuleFileNameExA(dbgevt.u.CreateProcessInfo.hProcess, NULL, szExePath, |
There was a problem hiding this comment.
We should use the ExW version to properly handle non-ascii chars
| " -logdir <dir> Logfiles will be stored in this directory.\n" | ||
| # endif | ||
| " -attach <pid> Attach to the process with the given pid. Pass 0\n" |
There was a problem hiding this comment.
The big problem with attach on Windows is that if we attach when a thread is inside a Windows callback we will lose control when it goes back into the kernel, since there is no way to know where it will resume. We have some syscall hooks to try and regain control but there will at least be a window where that thread is native. We should document this: maybe label Windows attach support as "experimental" or describe this issue.
| " -logdir <dir> Logfiles will be stored in this directory.\n" | ||
| # endif | ||
| " -attach <pid> Attach to the process with the given pid. Pass 0\n" |
There was a problem hiding this comment.
Maybe the main documentation ("page_deploy" in intro.dox) should talk about attaching as a supported feature?
It should be listed in the changelog in release.dox for sure as a major feature.
| if (attach_pid != 0) { | ||
| errcode = dr_inject_process_attach(attach_pid, &inject_data); | ||
| } else | ||
| # endif /* WINDOWS */ |
There was a problem hiding this comment.
Would it be possible to write some simple tests of these new attach features? It will take a little more work than adding a regular test because you'll need to launch something in the background. See client.nudge_test and how it has a .runall file and uses run_in_bg to run the infloop app in the background.
If you'd prefer to make adding a test a separate CL that would be fine.
|
run arm tests |
1 similar comment
|
run arm tests |
|
@summershrimp are you planning to resume this PR? |
|
Yes, but a little busy these days. I'll do it asap |
|
Pasting from #4601 (comment)
Thank you for contributing! That drdploy.c file turns into drconfg.exe, drrun.exe, and drinject.exe. The -attach would apply only to drrun.exe and drinject.exe. drinject.exe is rarely used so it would be drrun.exe for a manual test. See https://dynamorio.org/dynamorio_docs/page_deploy.html#win_deploy As requested above (#3328 (comment)) we would want an automated test added to the suite as well. |
|
I would restart working on this PR soon |
|
Hello, Thank you and have a nice day! |
You're asking why this PR addes an -attach flag but doesn't update the usage message which says to always pass "-- app"? Agreed, it should update the usage message to say that an application should not be passed, and should complain about it (I think the PR code would just silently ignore the passed app now). |
Okey i will fix that thanks! |
Hello, |
|
Any progress here? This is a critical feature for me. |
I would say go ahead and submit a PR yourself finishing this off since it is not clear what the status is of the others who have started on it. |
|
#5019 which includes the Linux portion of the changes here is merged -- but the Windows portion of this PR is not yet merged. |
Adds an attach feature for Windows, marked as experimental. Builds on the unsubmitted PR #3328. One difference from the original PR, is not taking over threads that are terminating (otherwise attach always fails). Added the possibility to sleep 1 millisecond between takeover attempts, and controlling the number of attempts. Attach fails when the main thread (to which we are injecting) is blocking. To solve this, we create a new suspended thread that sleeps indefinitely and we inject into it. As part of pointing this thread at a Sleep function, generalizes find_remote_ntdll_base() to find_remote_dll_base(), and solves an infinite loop there coming from strange kernel behavior. Adds attach documentation to the section on how to deploy an application under DR. Adds a new test client.attach. It uses a new target rather than the existing infloop due to differences in staging the output checking steps. Unfortunately there are still some flaky failures, so the test is added to the ignore list for now in order to make progress and get this key feature into DR. Co-authored-by: Yibai Zhang <xm1994@gmail.com> Co-authored-by: orbp <obporathl@gmail.com> Issue: #725
|
With PR #5075 adding Windows attach by building on this PR I think everything here is now merged so we can close this. Thank you for this initial PR: even though it didn't get merged it seeded the subsequent PR's. |
For linux, we use ptrace() to inject dynamorio to running process.
For windows, we get target process handle using DebugActiveProcess()
and inject with original dr_inject_process_inject().